Karmoko Sillah’s 750-Word Expanded Definition Of Malware

 

To: Prof. Ellis

From: Karmoko Sillah

Date: 10/16/2019

Subject: According to the Oxford dictionary, malware is defined as “Programs written with the intent of being disruptive or damaging to (the user of) a computer or other electronic device; viruses, worms, spyware, etc., collectively” (“malware”, 2019).

Reference: Firmware, n. (2019) In Oxford English Dictionary Online. Retrieved from https://www-oed-com.citytech.ezproxy.cuny.edu/view/Entry/267413?redirectedFrom=malware#eid

Introduction

This paper will thoroughly examine and evaluate the term “malware,” which is an integral part of the new age of technology. Malware is one of the biggest and original forms of attack that hackers have used for years in order to compromise systems. This paper will look into its origins and dialogues pertaining to the topic of malware, among other interesting things. I will be using various articles, books, and dialogues that I have found in order to dive deep into the term malware.

Definition

As generally defined by Kramer, “Intuitively, malware is software that harmfully attacks other software…Logically speaking, a harmful attack on a software system is nothing else than the falsification of a necessary condition for the correctness of that system. Hence, pieces of malware are falsifiers of the correctness hypothesis made de facto by the shipment of the software system” (Kramer, 2019). Kramer’s definition presents malware as an attack on computing systems through which falsified data is sent to systems in order to compromise individuals and exploit their vulnerable systems. Another definition of malware, given by Damshenas, states, “Malware is a general term, which stands for malicious software and has many shapes (codes, scripts, active content and others). It has been designed to achieve some targets such as, collecting sensitive data, accessing private computer systems, even sometimes harming the systems” (Damshenas, 2013). This author dives deeper into the definition of malware, saying that malware takes on many different shapes. It is not always just code that is used to compromise a system; scripts, ads, content, etc. are used as well. This is why it is so hard to detect: there isn’t a single attack mechanism that is used in malware, and it takes on various attacks. Similar to Kramer’s definition, this author also states that malware is used to cause intentional harm to a computer system for the purpose of accessing unauthorized information. The third definition, given by Britannica’s book “From Privacy to Piracy,” states, “Malware, or “malicious software,” is any kind of malicious computer program, such as a virus, trojan, spyware, or worm. Malware typically infects a personal computer (PC) through e-mail, Web sites, or attached hardware devices” (Britannica, 2011).
The authors of this book define malware as malicious code that can take the form of many different attacks, which are then injected into a person’s computer using false emails and sites. This definition is also similar to the ones prior to it, in that it too defines malware as an intended attack on another individual using different techniques. These authors don’t really differ in their definitions of malware; some offer a more in-depth definition than others, but they all lean towards the same denotation of the word “malware”.

Context

As technology continues to evolve, so will the threat of malware. According to Mohd Fazal Ab Razak, “With the availability of new technologies, malware authors are able to use novel approaches to hide detection. This has led to the many studies which are conducted to explore the malware domain… Verizon reported that around 170 million of malware events occur across organizations, with the frequency of five malware occurring every one (1) second” (Razak, 2016). As technology continues to advance and evolve, the opportunities for hackers to perform malicious attacks become greater and greater. They are using these new technological tools to evade detection and secretly perform malicious attacks on individuals without them realizing it. A newspaper article from the New York Times states that individuals stole millions of dollars from various banks using malware. David E. Sanger and Nicole Perlroth stated, “The bank’s internal computers, used by employees who process daily transfers and conduct bookkeeping, had been penetrated by malware that allowed cybercriminals to record their every move… the group impersonated bank officers, not only turning on various cash machines, but also transferring millions of dollars from banks in Russia, Japan, Switzerland, the United States and the Netherlands into dummy accounts set up in other countries” (Sanger & Perlroth, 2016). Individuals from Russia impersonated bank officers and sent malware to bank computers, which in turn allowed them to study the banks’ actions and routines. Once they were able to access this, they started secretly stealing money from 100’s in various countries. They were doing this for a very long period of time before inevitably being caught. This is a perfect case of malware attacks being carried out to perform heinous criminal acts against individuals, or in this case multiple institutions.
Hackers are finding efficient ways to avoid detection and perform harmful attacks such as this one in order to inflict as much damage as they can on a system. In another instance, a popular database server known as MySQL was hacked using malware. According to Virus Bulletin, “This is what happened to mysql.com: the website was modified to include a small JavaScript file hosted on the same server. This file generated an iframe which contained a URL that redirected to another URL. This final URL contained the ‘BlackHole’ exploit pack” (Bulletin, 2019). During 2011, the famous software service “MySQL” was hacked using an injected malware file in the form of an image, which would then send the user to another URL, and this is where the damage started. They were able to infect the iframe by exploiting vulnerabilities in plug-ins and JavaScript that were outdated. This is exactly why it is important to ensure that these two things are always up to date; otherwise you could leave yourself vulnerable to a malware attack. In another situation, international hackers injected malware into the computers of government officials who weren’t given the proper security training and left themselves vulnerable to attack. According to Josh Halliday, “Victims’ computers were infected when they opened a cleverly disguised Adobe PDF attachment to an email. The document would be tailored specifically to its target, according to the researchers, as unsuspecting government victims are more likely to open an attachment that mentioned foreign policy, a human rights seminar, or Nato membership plans” (Halliday, 2011). This is another example similar to the previous examples of malware, where international hackers disguised malware as PDF documents which looked legitimate and official. When these government officials received these emails including the PDF links, they clicked on them and left their computers exposed to these attackers.
This malware attack is actually one of the first malware attacks created. Although it was not discovered what was targeted, valuable governmental information was nonetheless exposed, and usually these attacks are done just for the fun of it.

Working Definition

In conclusion, with all the definitions and examples of malware found throughout various sources and citations, I have generated a working definition of the term after doing much research. Malware can be defined as a malicious software program that can be injected into a system via email, PDF, etc., using various techniques such as coding, scripting, phishing, etc., which in turn presents itself falsely as a reliable entity; when it is trusted by an end user and opened, it can then spread throughout a system, compromising it and leaving valuable information exposed to an outside entity. Malware is only growing more and more as technological advancements continue to grow. Finding a stop to malware has become more and more of a challenge due to the advancement of technology and the tools that come with it, which are available to hackers for use.

References

1. Kramer, Simon, and Julian C. Bradfield. “A General Definition of Malware.” SpringerLink, Springer-Verlag, 29 Sept. 2009, https://link.springer.com/article/10.1007/s11416-009-0137-1.

2. Damshenas, M., Dehghantanha, A., & Mahmoud, R. (2013). A survey on malware propagation, analysis, and detection. International Journal of Cyber-Security and Digital Forensics, 2(4), 10+. Retrieved from https://link-gale-com.citytech.ezproxy.cuny.edu/apps/doc/A359172420/AONE?u=cuny_nytc&sid=AONE&xid=906ba4aa

3. Britannica, Educational Publishing Staff. Issues in Cyberspace: From Privacy to Piracy, edited by Robert Curley, Rosen Publishing Group, 2011. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/citytech-ebooks/detail.action?docID=798344.

4. Razak, M., Anuar, N., Salleh, R., & Firdaus, A. (2016). The rise of “malware”: Bibliometric analysis of malware study. Journal of Network and Computer Applications, 75(C), 58-76.

5. Sanger, D. E., & Perlroth, N. (2015, February 14). Bank Hackers Steal Millions via Malware. Retrieved from https://www.nytimes.com/2015/02/15/world/bank-hackers-steal-millions-via-malware.html.

6. Bulletin, V. (n.d.). Mysql.com hacked, serving malware. Retrieved October 12, 2019, from https://www.virusbulletin.com/blog/2011/09/mysql-com-hacked-serving-malware/.

7. Halliday, J. (2011, February 27). Hackers attack European governments using ‘MiniDuke’ malware. Retrieved October 13, 2019, from https://www.theguardian.com/technology/2013/feb/27/hackers-attack-european-governments-miniduke.

Karmoko Sillah’s 500 Word Essay

To: Professor Ellis

From: Karmoko Sillah

Date: 09/17/2019

Subject: 500-word summary of Fang’s “A physiological and behavioral feature authentication scheme for medical cloud based on fuzzy-rough core vector machine”.

 

Liming Fang’s article “A physiological and behavioral feature authentication scheme for medical cloud based on fuzzy-rough core vector machine” discusses medical cloud computing and the importance of cloud storage’s impact on medical facilities.

Cloud storage is used all across the globe in order to store important information through technology. It allows institutions and individuals to securely store information. With cloud data come security risks such as hacking. Because the cloud is an online storage system, hackers tend to try to find ways to break into it and steal very important and valuable information. Medical institutions are the main institutions that are liable to be attacked due to the important information, such as hospital records, that they store in their databases. The author states, “Although cloud storage provides convenience for media data sharing, it suffers from potential security attacks. In recent years, cloud storage data theft occurred frequently, so it is necessary to improve the security of cloud data storage” (Fang, 2019, p. 5).

 

According to the article, the medical system consists of three main categories, which are data collection, analysis, and storage. These three things are what collect and hold medical data. All three of these things must work together. Without data collection, hospitals are unable to collect medical information and then store it in databases. With this data collection comes security. Computer security is essential to the assurance of data integrity. This article details the fact that doctors and other hospital personnel are liable to be victims of attack because they use simple account logins, which can be breached by outside attackers at any time. Data leakage is more liable to happen. The author(s) offer an approach to improving security authentication mechanisms through what is called the fuzzy-rough approach.

 

This fuzzy-rough approach was implemented through a simulated attack environment with real-life participants, which uses various tests to see whether an actual employee of a medical institution is trying to access data or an outside entity is attempting to gain unauthorized access to the system. In order for this approach to be put into place, researchers started looking into the physiological and behavioral features of doctors that could be used for authentication. According to the article, the fuzzy-rough approach is highly efficient and reliable, making it the best option for medical institutions. This fuzzy-rough approach would essentially become a means of increasing security while at the same time enhancing authentication methods. This approach basically looks to create new authentication methods for doctors and other hospital personnel to use in order to identify themselves to the cloud system and then gain access. It would basically be much more advanced than biometric and fingerprint touch authentication methods. A machine called the “fuzzy-rough core vector machine” is what is going to be built, which brings in gesture-based authentication methods, increasing and enhancing security. I found this article very persuasive because the author first identified and described the problems surrounding cloud data, such as its security risks. Then he talks about his and his team’s research, and the benefits that it could bring.

Reference:

Fang, L. (2019, August 9). A physiological and behavioral feature authentication scheme for medical cloud based on fuzzy-rough core vector machine. Retrieved from https://www.sciencedirect.com/science/article/pii/S0020025519307546?via=ihub